diff --git a/.gitignore b/.gitignore
index 5acda05b..748c309f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -48,3 +48,23 @@ Thumbs.db
 
 # Database files
 loom.db*
+
+# Local environment
+.env
+.env.*
+
+# Claude Code
+.claude/
+
+# Playwright MCP screenshots
+.playwright-mcp/
+
+# Session-specific files
+CURRENT_SESSION_CONTEXT.md
+
+# Local convenience scripts/docs (not part of repo)
+main.sh
+/docs/
+
+# npm lockfile (project uses pnpm)
+package-lock.json
diff --git a/crates/loom-weaver-audit-sidecar/Cargo.toml b/crates/loom-weaver-audit-sidecar/Cargo.toml
index 57b7952f..2403bb22 100644
--- a/crates/loom-weaver-audit-sidecar/Cargo.toml
+++ b/crates/loom-weaver-audit-sidecar/Cargo.toml
@@ -39,9 +39,6 @@ prometheus = "0.13"
 # Axum for health endpoint
 axum = "0.7"
 
-# eBPF userspace library
-aya = "0.13"
-
 # Cryptographic hashing
 sha2 = "0.10"
 
@@ -60,3 +57,8 @@ ebpf = []
 proptest = { workspace = true }
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
+
+# Linux-only dependencies
+[target.'cfg(target_os = "linux")'.dependencies]
+# eBPF userspace library - Linux only (uses netlink, bpf syscalls)
+aya = "0.13"
diff --git a/crates/loom-weaver-audit-sidecar/src/loader.rs b/crates/loom-weaver-audit-sidecar/src/loader.rs
index c77a1a54..548cb422 100644
--- a/crates/loom-weaver-audit-sidecar/src/loader.rs
+++ b/crates/loom-weaver-audit-sidecar/src/loader.rs
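Review bot: In the .gitignore hunk, `.env.*` also matches template files such as `.env.example`, so a checked-in sample of the expected variables would be ignored from now on; if the repository keeps one, add a negation after the pattern, e.g. `!.env.example`. The new patterns only stop untracked files from being added: a `.env` that was committed earlier stays tracked and stays in history. It is worth confirming with `git ls-files` that none is tracked, and rotating any credential that turns up.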
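Review bot: In crates/loom-weaver-audit-sidecar/Cargo.toml, `aya` is still unconditional on Linux: the new target table pulls it in whether or not the `ebpf` feature is enabled, so a stub-mode Linux build still resolves and compiles the eBPF userspace library it never calls. Tying the crate to the feature keeps the dependency set of the non-eBPF build smaller: `aya = { version = "0.13", optional = true }` in the target table and `ebpf = ["dep:aya"]` in the features table. The features table is visible only as `ebpf = []` in the hunk header, and this assumes nothing outside the gated loader module uses `aya`, which the diff does not show.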
@@ -1,6 +1,13 @@
 // Copyright (c) 2025 Geoffrey Huntley . All rights reserved.
 // SPDX-License-Identifier: Proprietary
 
+//! eBPF audit loader for Linux systems.
+//!
+//! This module is only compiled on Linux with the `ebpf` feature enabled.
+//! On other platforms, the audit sidecar runs in stub mode without eBPF monitoring.
+
+#![cfg(all(feature = "ebpf", target_os = "linux"))]
+
 // The LoaderError enum is intentionally large due to the aya::programs::ProgramError
 // contained in the Attach variant. Boxing would add unnecessary complexity for
 // error types that are only used at startup/initialization time.
diff --git a/crates/loom-weaver-audit-sidecar/src/main.rs b/crates/loom-weaver-audit-sidecar/src/main.rs
index 8fd0ee79..b25ff957 100644
--- a/crates/loom-weaver-audit-sidecar/src/main.rs
+++ b/crates/loom-weaver-audit-sidecar/src/main.rs
@@ -11,6 +11,7 @@ mod event_processor;
 mod events;
 mod filter;
 mod health;
+#[cfg(all(feature = "ebpf", target_os = "linux"))]
 mod loader;
 mod metrics;
 
@@ -30,7 +31,7 @@ use crate::config::Config;
 use crate::event_processor::{EventProcessor, EventProcessorConfig};
 use crate::events::WeaverAuditEvent;
 use crate::health::{health_router, HealthState};
-#[cfg(feature = "ebpf")]
+#[cfg(all(feature = "ebpf", target_os = "linux"))]
 use crate::loader::EbpfAuditLoader;
 use crate::metrics::Metrics;
 
@@ -181,6 +182,7 @@ async fn main() -> Result<()> {
 ));
 
 // Bounded channel for raw eBPF events to prevent OOM from unbounded task spawning
+ #[allow(unused_variables)]
 let (raw_event_tx, mut raw_event_rx) = mpsc::channel::>(1000);
 
 // Spawn consumer task to process raw events
@@ -191,7 +193,7 @@ async fn main() -> Result<()> {
 }
 });
 
- #[cfg(feature = "ebpf")]
+ #[cfg(all(feature = "ebpf", target_os = "linux"))]
 let ebpf_loaded = match EbpfAuditLoader::new() {
 Ok(loader) => {
 let attached = loader.attached_count();
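Review bot: The inner `#![cfg(all(feature = "ebpf", target_os = "linux"))]` added to loader.rs repeats the gate that main.rs now puts on `mod loader;`, and the same predicate is written out again at the `use crate::loader::EbpfAuditLoader` import and at both `ebpf_loaded` branches (main.rs hunks at -30,7, -191,7 and -234,9). When the outer gate is false the file is never loaded, so the inner attribute adds nothing of its own, and a later edit to one copy but not the others leaves the configurations inconsistent. Either keep the gate on `mod loader;` only, or record the coupling in the module doc, for example `//! Gate must match the cfg on "mod loader" and the ebpf_loaded branches in main.rs.`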
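Review bot: In the main.rs hunk at -181,6, `#[allow(unused_variables)]` on the channel binding is unconditional, so it also silences the lint in the Linux `ebpf` build, where an unused `raw_event_tx` would mean raw events never reach the consumer task. Scope the allowance to the stub configuration instead: `#[cfg_attr(not(all(feature = "ebpf", target_os = "linux")), allow(unused_variables))]`. `main` starts and ends outside the hunk, so how the sender is used in the eBPF branch is not visible here.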
@@ -234,9 +236,9 @@ async fn main() -> Result<()> {
 }
 };
 
- #[cfg(not(feature = "ebpf"))]
+ #[cfg(not(all(feature = "ebpf", target_os = "linux")))]
 let ebpf_loaded = {
- info!("eBPF feature not enabled, running in stub mode");
+ info!("eBPF not available (feature disabled or not on Linux), running in stub mode");
 health_state.set_ebpf_status(0, 0).await;
 false
 };
diff --git a/web/loom-web/vite.config.ts b/web/loom-web/vite.config.ts
index 698a9786..bb86a0de 100644
--- a/web/loom-web/vite.config.ts
+++ b/web/loom-web/vite.config.ts
@@ -26,6 +26,10 @@ export default defineConfig({
 target: 'http://127.0.0.1:8080',
 changeOrigin: true,
 },
+ '/auth': {
+ target: 'http://127.0.0.1:8080',
+ changeOrigin: true,
+ },
 },
 },
 test: {
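Review bot: The stub branch in the main.rs hunk at -234,9 logs at `info!` and carries on, so a sidecar built without the `ebpf` feature, or for a non-Linux target, starts normally while collecting no audit events. For an audit component that is a fail-open path that should be loud: raise the level, e.g. `warn!("eBPF not available (feature disabled or not on Linux), running in stub mode: no audit events will be collected");` (assuming `warn` is imported alongside `info`), and consider refusing to start unless configuration explicitly permits stub mode. Whether `set_ebpf_status(0, 0)` makes the health endpoint report a degraded state is not visible here; if it does not, orchestration will treat the unmonitored sidecar as healthy. `main` continues outside the hunk.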
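Review bot: The `'/auth'` key added in vite.config.ts is a prefix match in Vite's proxy table, so every dev-server request whose path starts with `/auth` is forwarded to the backend on 127.0.0.1:8080, including any client-side route such as `/authorize` that the SPA may define. If all backend auth endpoints live under `/auth/`, a regex key states that exactly: `'^/auth/'`. With `changeOrigin: true` the backend also sees the target's Host header rather than the dev-server origin, so redirect URLs or cookie attributes it derives from Host will differ from production; a one-line comment above the entry saying so would help. The enclosing proxy table opens outside the hunk.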